2.2 Setting Up Remote Management to Manage a Linux Device

2.2.1 Configuring the Remote Management Settings on a Linux Device

The Remote Management settings are rules that determine the behavior or the execution of the Remote Management service on the managed device. The settings include configuration for the ports, session settings, and performance settings during the remote session. These settings can be applied at zone, folder, and device levels.

NOTE: On Linux devices, only password-based authentication is enabled for remote management; rights-based authentication is disabled by default. It is recommended to set a password for the Linux device to secure it from unauthorized access.

The following sections provide information on configuring the Remote Management settings at the different levels:

Configuring the Remote Management Settings at the Zone Level of a Linux Device

By default, the Remote Management settings configured at the zone level apply to all the managed devices.

  1. In ZENworks Control Center, click Configuration.

  2. In the Management Zone Settings panel, click Device Management, then click Remote Management.

  3. Click the Linux Settings tab.

  4. Select Run Remote Management Service on Port and specify the port to enable the Remote Management service to run on that port.

    By default, the Remote Management service listens on port number 5950.

  5. Select one of the following options:

    • Allow Full Control: Enables the administrator to remotely control and also remotely view the managed device.

    • Allow View Only: Enables the user to remotely view the managed device.

  6. Select the Ask for permission from user on the managed device option to request the permission from the user on the managed device before starting a Remote Control or Remote View session on the device.

  7. Select the option to enable the Remote Login service. By default, the Remote Login service listens on port number 5951. You can choose to specify a different port number.

  8. To configure the password policy for handling the remote sessions on the device, select one of the following:

    • Use the Same Password Across Sessions: This is the default option of the password policy and enables the administrator to use the same password across all the remote sessions on the device. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device.

    • Clear the password After Every Session: If this option is selected, the user must set the password for every session and communicate the password to the remote operator through out-of-band means such as telephone. The password is cleared after every successful or unsuccessful attempt for a Remote Management operation. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device.

    • No Password: If this option is selected, then Remote Control, Remote Login, and Remote View sessions are launched without asking for a password. This option is not recommended because it allows access to the managed device without any password.

  9. (Optional) Configure a remote management proxy to perform remote operations on the managed device.

    If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. You must install the proxy separately. For information on installing the remote management proxy, see Section 2.5.1, Installing a Remote Management Proxy.

    Task

    Details

    Add a remote management proxy

    1. Click Add to display the Add Proxy Settings dialog box.

    2. Fill in the following fields:

      Proxy: Specify the IP address or DNS name of the remote management proxy.

      IP Address Range: Specify the IP addresses of the devices you want to remotely manage through the remote management proxy. You can specify the IP address range in one of the following ways:

      • Specify the range of IP addresses using CIDR (Classless Inter-Domain Routing) notation. With CIDR, the dotted decimal portion of the IP address is interpreted as a 32-bit binary number that has been broken into four 8-bit bytes. The number following the slash (/n) is the prefix length, which is the number of shared initial bits, counting from the left side of the address. The /n number can range from 0 to 32, with 8, 16, 24, and 32 being commonly used numbers. Examples:

        123.45.678.12/16: Specifies all IP addresses that start with 123.45.

        123.45.678.12/24: Specifies all IP addresses that start with 123.45.678.

      • Specify the range of IP addresses in the From IP address - To IP address format. For example:

        123.45.678.12 - 123.45.678.15: Specifies all IP addresses in the range 123.45.678.12 to 123.45.678.15.

    Delete a remote management proxy

    1. Select the proxy you want to delete.

    2. Click Delete, then click OK.

  10. Click Apply, then click OK.

These changes take effect on the device when the device is refreshed.
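To review what a proxy's IP Address Range entry actually covers, the following POSIX shell helper evaluates both forms described in step 9 (CIDR and From - To). It is an added example, not ZENworks code; the function names are illustrative and any addresses you pass to it are your own.

```shell
#!/bin/sh
# Added example, not vendor code. Handles the CIDR and "from - to" forms.
# Dotted-decimal IPv4 -> integer. Refuses anything but four octets in
# 0..255 (leading zeros too, so nothing is parsed as octal).
ip_to_int() (
    IFS=.; set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
)

# Print "first last" as integers for a CIDR or "from - to" range.
range_bounds() (
    case $1 in
        */*)
            net=$(ip_to_int "${1%/*}") || exit 1
            len=${1##*/}
            case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
            [ "$len" -le 32 ] || exit 1
            # The host part is the 32-n bits after the shared prefix.
            host=$(( (1 << (32 - len)) - 1 ))
            lo=$(( net & ~host & 0xFFFFFFFF )); hi=$(( lo | host )) ;;
        *-*)
            lo=$(ip_to_int "$(printf %s "${1%%-*}" | tr -d ' ')") || exit 1
            hi=$(ip_to_int "$(printf %s "${1##*-}" | tr -d ' ')") || exit 1
            [ "$lo" -le "$hi" ] || exit 1 ;;
        *) exit 1 ;;
    esac
    echo "$lo $hi"
)

# ip_in_range IP RANGE: exit 0 inside, 1 outside, 2 malformed input.
ip_in_range() (
    ip=$(ip_to_int "$1") || exit 2
    set -- $(range_bounds "$2"); [ $# -eq 2 ] || exit 2
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
)

# Number of addresses one range entry covers.
range_size() (
    set -- $(range_bounds "$1"); [ $# -eq 2 ] || exit 1
    echo $(( $2 - $1 + 1 ))
)
```

For example, `range_size 10.20.30.40/16` reports how many device addresses a /16 entry would route through the proxy before you save it.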

Configuring the Remote Management Settings at the Folder Level of a Linux Device

By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the devices within a folder:

  1. In ZENworks Control Center, click Devices.

  2. Click the folder (details) for which you want to configure the Remote Management settings.

  3. Click Settings, then click Device Management > Remote Management.

  4. Click Override.

  5. Edit the Remote Management settings as required.

  6. To apply the changes, click Apply.

    or

    To revert to the system settings configured at the zone level, click Revert.

  7. Click OK.

These changes take effect on the device when the device is refreshed.

Configuring the Remote Management Settings at the Linux Device Level

By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the managed device:

  1. In ZENworks Control Center, click Devices.

  2. Click Servers or Workstations to display the list of managed devices.

  3. Click the device for which you want to configure the Remote Management settings.

  4. Click Settings, then click Device Management > Remote Management.

  5. Click Override.

  6. Edit the Remote Management settings as required.

  7. To apply the changes, click Apply.

    or

    To revert to the previously configured system settings on the device, click Revert.

    If the Remote Management settings on the device were configured at the folder level, the settings revert to the configured folder level settings; otherwise, they revert to the default zone level settings.

  8. Click OK.

These changes take effect on the device when the device is refreshed.

2.2.2 Configuring the Remote Management Agent Password on a Linux Managed Device

If the password policy for performing remote sessions on a Linux managed device is configured to use a password to remotely connect to the device, the user on the managed device must set a Remote Management Agent password and communicate the password to the remote operator. For more information on setting the password policy for Remote Management sessions, see Configuring the Remote Management Settings at the Zone Level of a Linux Device.

Setting Up the Remote Management Agent Password on the Managed Device

The user on the managed device must create a Remote Management Agent password on the device and communicate the password to a remote operator in order to enable the remote operator to remotely manage the device.

To set the Agent password on the managed device, enter the following command at the shell prompt:

# /opt/novell/zenworks/sbin/zrmservice --passwd

The password is case-sensitive and should be between three and eight characters in length.

NOTE: You need not set the password on the device if the Password Policy is configured to No password.

Clearing the Remote Management Agent Password

To clear the Agent password on the managed device, enter the following command at the shell prompt:

# /opt/novell/zenworks/sbin/zrmservice --clrpasswd

2.2.3 Starting Remote Management Operations on a Linux Device

The remote session is initiated by the administrator on the management console. The management console is typically placed within an enterprise network and the managed device can be either within or outside the enterprise network. The following illustration depicts a remote session initiated on the managed device from the management console.

Figure 2-3 Console-Initiated Session on a Linux Device

The Remote Management Agent starts automatically when the managed device boots up. A default Remote Management policy is created on the managed device when the device is deployed. You can remotely manage the device using this default policy in rights-based authentication mode only. If you create a new Remote Management policy, the new policy overrides the default policy.

If the ZENworks Management Zone setup is spread across two or more NAT-enabled private networks that are interconnected by a public network, you must deploy DNS_ALG on the gateways of these private networks. DNS_ALG ensures that the DNS lookup queries initiated by the ZENworks components return the correct private address mapped hostname and enables the communication between the management console and the managed devices. For more information on DNS_ALG, refer to DNS ALG RFC - 2694 (http://www.ietf.org/rfc/rfc2694).

If you want to remotely manage a device by using its DNS name, ensure that Dynamic DNS service is deployed in the network.

To initiate a Remote Management session on a Linux device:

  1. In ZENworks Control Center, click the Devices tab.

  2. Click Servers or Workstations and select the device you want to remotely manage. Click Action, then select the Remote Management operation you want to perform.

    or

    In Device Tasks in the left pane, select Remote Control.

  3. In the Remote Management dialog box, select Remote Control, Remote View, or Remote Login.

  4. Fill in the options in the dialog box that displays. The following table contains information on the various options available:

    Field

    Details

    Device

    Specify the host name or the IP address of the device you want to remotely manage.

    Operation

    Select the type of the remote operation you want to perform on the managed device.

    Authentication

    The Password-Based Authentication is the only mode of authentication.

    Port

    Specify the port number on which the Remote Management service is listening. By default, the port number is 5950.

    Enable Logging

    Logs session and debug information in the novell-zenworks-vncviewer.txt file. The system saves the file in the install location of the ZCC Helper.

    Route Through Proxy

    Enables the remote management operation of the managed device to be routed through a remote management proxy. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy.

    NOTE: The Route Through Proxy option is not yet supported on Linux.

    Fill in the following fields:

    Proxy: Specify the DNS name or the IP address of the remote management proxy. By default, the proxy configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy.

    Proxy Port: Specify the port number on which the remote management proxy is listening. By default, the port is 5750.

    NOTE: The Remote Management Audit displays the IP address of the device that is running the remote management proxy and not the IP address of the management console.

  5. Click OK to launch the selected remote operation.

NOTE: The Auto mode might not work properly for SLES10 64-bit devices. You can select a scale of 25 to 150% from the remote viewer Display option.

2.2.4 Preparing a Linux Device for a Remote Control Session

If you want to remote control a Linux device, perform the steps mentioned based on the Linux version installed on the device.

Preparing an open-SUSE LEAP 15 Device

Gnome Display Manager

Before remote controlling an open-SUSE LEAP 15 device, ensure that you perform the following steps:

  1. Edit the custom.conf file located in /etc/gdm/ and uncomment WaylandEnable=false.

  2. Run the following command to restart Gnome Display Manager (GDM):

    systemctl restart display-manager.service

2.2.5 Preparing a Linux Device for a Remote Login Session

If you choose to remotely log in to a Linux device, a grey screen might appear if some settings are not configured on the device. To enable a Remote Login session to be successfully launched on a Linux managed device, you must enable the XDMCP configuration on the device and disable the firewall. For more information on preparing a Linux device for a Remote Login session, review the following sections:

NOTE: Remote login is supported only on devices running Gnome Display Manager.

Preparing a SLES 10 / SLED 10 Device

Gnome Display Manager

  1. Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/opt/gnome/gdm/gdm.conf enable

  2. Run the following command to restart the Display Manager.

    /etc/init.d/xdm restart

KDE Display Manager

  1. Edit the /etc/X11/xdm/Xaccess file to uncomment the following line:

    * # only local host can get a login window

  2. Edit the /opt/kde3/share/config/kdm/kdmrc file to enable XDMCP (set it to true).

  3. Run the following command to restart the Display Manager.

    /etc/init.d/xdm restart

Preparing a SLES 11 / SLED 11 Device

Gnome Display Manager

  1. Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/dbus-1/system.d/gdm.conf enable

  2. Run the following command to restart the Display Manager.

    /etc/init.d/xdm restart

Preparing a SLES 12 / SLED 12 Device

Gnome Display Manager

  1. Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -r -cf /etc/dbus-1/system.d/gdm.conf enable

  2. Run the following command to restart the Display Manager.

    systemctl restart display-manager.service

Preparing a SLES 15 Device

Gnome Display Manager

  1. Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/dbus-1/system.d/gdm.conf enable

  2. Restart the device.

Preparing an open-SUSE LEAP 15 Device

Gnome Display Manager

  1. Edit the custom.conf file located in /etc/gdm/ and uncomment WaylandEnable=false.

  2. Restart the device.

  3. Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -r -cf /etc/dbus-1/system.d/gdm.conf enable

Preparing an open-SUSE LEAP 42.3 Device

Gnome Display Manager

  • Run the following command to enable the Gnome Display Manager (GDM):

    sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -r -cf /etc/dbus-1/system.d/gdm.conf enable

Preparing a RHEL 6 Device

Gnome Display Manager

  1. Run the following command to create a fonts directory:

    mkdir -p /usr/X11R6/lib/

  2. Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:

    ln -s /usr/share/X11/ /usr/X11R6/lib/X11

  3. Edit the file /etc/gdm/custom.conf and add the following entry:

    [xdmcp]

    Enable=true

  4. Run the following commands to restart the Display Manager:

    init 3

    init 5

KDE Display Manager

  1. Run the following command to create a fonts directory:

    mkdir -p /usr/X11R6/lib/

  2. Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:

    ln -s /usr/share/X11/ /usr/X11R6/lib/X11

  3. Enable the Remote X GUI Login on the device by using XDMCP and KDM configuration. For more information on how to enable the Remote X Login, see Red Hat documentation.

  4. Run the following commands as root to restart the X Server:

    init 3

    init 5

Preparing a RHEL 7 Device

Gnome Display Manager

  1. Run the following command to create a fonts directory:

    mkdir -p /usr/X11R6/lib/

  2. Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:

    ln -s /usr/share/X11/ /usr/X11R6/lib/X11

  3. Edit the file /etc/gdm/custom.conf and add the following entry:

    [xdmcp]

    Enable=true

  4. Run the following commands to restart the Display Manager:

    init 3

    init 5
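The manual custom.conf edits described above (uncommenting WaylandEnable=false for open-SUSE LEAP 15, and adding Enable=true under [xdmcp] for RHEL 6 and 7) can be scripted so that they are repeatable and can be checked afterwards. This is an added example, not vendor code; the function names are illustrative, and WaylandEnable is assumed to sit in the [daemon] section as in a stock GDM file.

```shell
#!/bin/sh
# Added example, not vendor code. Each function takes the file to work on,
# so the edits can be rehearsed on a copy; the default is the page's path.
CONF_DEFAULT=/etc/gdm/custom.conf

# Run a filter ("$@") over file $1, keep FILE.bak, then write the result
# back with cat so the file keeps its owner, mode and SELinux label.
rewrite_conf() {
    conf=$1; shift
    tmp=$(mktemp) || return 1
    "$@" "$conf" > "$tmp" && cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Uncomment WaylandEnable=false; a line that is already active is untouched.
disable_wayland() {
    rewrite_conf "${1:-$CONF_DEFAULT}" \
        sed 's/^[[:space:]]*#[[:space:]]*WaylandEnable=false/WaylandEnable=false/'
}

# Put Enable=true directly under [xdmcp], replacing any earlier Enable= line
# in that section; append the section when the file has none.
enable_xdmcp() {
    rewrite_conf "${1:-$CONF_DEFAULT}" awk '
        /^\[/ { in_x = ($0 ~ /^\[xdmcp\]/); print
                if (in_x) { print "Enable=true"; seen = 1 }
                next }
        in_x && /^[ \t]*Enable[ \t]*=/ { next }
        { print }
        END { if (!seen) { print ""; print "[xdmcp]"; print "Enable=true" } }'
}

# Report the active (uncommented) settings, for checking a host afterwards.
gdm_remote_status() {
    awk '
        /^\[/ { sec = $0; next }
        { gsub(/[ \t]/, "") }
        sec ~ /^\[daemon\]/ && $0 == "WaylandEnable=false" { w = 1 }
        sec ~ /^\[xdmcp\]/  && $0 == "Enable=true"         { x = 1 }
        END { printf "wayland=%s xdmcp=%s\n",
              (w ? "disabled" : "allowed"), (x ? "enabled" : "disabled") }
    ' "${1:-$CONF_DEFAULT}"
}
```

`gdm_remote_status` on its own is read-only, so it can also be used to list which hosts currently have XDMCP switched on.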